Все бюллетени/sisyphus/ALT-PU-2014-1963-2
ALT-PU-2014-1963-2

Обновление пакета phpMyAdmin в ветке sisyphus

Версия4.2.6-alt1
Задание#126146
Опубликовано2026-02-04
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (9)

CVE-2014-4349
LOW3.5

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

Опубликовано: 2014-06-25Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
Ссылки
CVE-2014-4955
LOW3.5

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

Опубликовано: 2014-07-20Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
Ссылки
CVE-2014-4986
LOW3.5

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

Опубликовано: 2014-07-20Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
Ссылки
CVE-2014-4987
MEDIUM4.0

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

Опубликовано: 2014-07-20Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
Ссылки
CVE-2014-6300
MEDIUM4.3

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Опубликовано: 2014-11-08Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
Ссылки
CVE-2014-7217
LOW3.5

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.

Опубликовано: 2014-10-03Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
Ссылки
GHSA-6wfj-2mw7-p5cg
NONE

phpMyAdmin micro history Implementation XSS Vulnerability

Опубликовано: 2022-05-14Изменено: 2023-08-16
Ссылки
GHSA-jqmr-wqgp-8mh2
NONE

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Опубликовано: 2022-05-17Изменено: 2023-08-17
Ссылки
GHSA-wv8g-fx9j-q2jg
NONE

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Опубликовано: 2022-05-17Изменено: 2023-08-17
Ссылки